Method and system for controlling access to data stored on a data storage device

ABSTRACT

A system and method of data encryption and decryption for controlling access to a data storage device such as a hard disk drive or optical drive is provided. The invented method utilizes data encryption and decryption techniques, combined with a token device, to control access to data stored on the data storage device.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates generally to data encryption and decryption systems and methods and, more particularly, to a method and system for controlling access to a data storage device.

2. Background Information

As electronic data becomes increasingly important, in both the business world and in personal lives, the need to protect such data similarly increases. Electronic data is typically stored on a data storage device. Known data storage devices include hard disk drives, tape drives, and optical disk drives, and may be situated in a computer system. Known computer systems include personal computers, or desktop computers, as well as networked computers.

The importance of the data stored on storage devices cannot be overstated. Business accounting records, personnel records, research information, images, and personal information are stored as data on storage devices, and each is important for obvious reasons.

Therefore, preventing unauthorized access to data is critical. Unauthorized access to data stored on the storage device often results in tampering with the data. This data tampering may include deletion, corruption, or infection of the data with a computer virus, for example. Any of these may render the data inaccessible or unusable by an authorized user. Thus, the information that the electronic data represents is lost to the user.

Data encryption/decryption is a long established means of controlling access to data. Similarly, systems and methods of data encryption/decryption are common in the prior art. Methods of data encryption and decryption are commonly configured as computer programs and are stored on a computer's storage device. Data encryption/decryption programs may be invoked by a user of the computer or may be invoked during boot up of the computer.

U.S. patent application Ser. No. 09/562,385, to P. Lin, the first named inventor of the subject application, is incorporated herein, in its entirety, by reference. Disclosed therein is a method of authentication of a user by an exchange that includes an electronic serial number, a plurality of substring designations, and a calculated authentication string. A user and an authentication authority each possess an identification string associated with the electronic serial number. By applying one or more operations, some of which may be exchanged across a network and others of which may be associated with the electronic serial number, a different authentication string can be calculated each time authentication is requested, making the methods and devices practicing this invention resistant to efforts to compromise the authentication.

BRIEF SUMMARY OF THE INVENTION

The present invention provides a system and method of data encryption and decryption for controlling access to a data storage device such as a hard disk drive or optical drive. The invented method utilizes data encryption and decryption techniques, combined with a token device, to control access to the data storage device. The invented method filters the flow of data between the storage device and a memory. Further, the method utilizes a symmetrical key for decrypting data, as the data is transmitted from the storage device to the memory, and for encrypting data, as the data is transmitted from memory to the storage device.

Preferably, the method of the present invention is installed in a computer system and stored on a data storage device, such as a hard disk drive or optical disk drive, of the computer system. The computer system may comprise a known “stand-alone” computer, such as a known personal computer or desktop computer, or may comprise a plurality of networked computers.

A unique token device is detachably coupled to a data port of the computer. The token device may include a processor running a data encryption/decryption program and a memory device for storing user data. Each token device is also provided with a unique string of information. This unique string of information, in combination with the encryption/decryption program running on the token's processor, enables the token to generate data that is unique to that token device. A copy of the unique string of information may reside at a remote location. The copy of the unique string of information is provided to enable boot up of the computer, if the token is lost or misplaced.

During installation of the invented method, a first 16-byte dynamic seed or puzzle S_(R) is generated and stored in the token's memory. The first puzzle S_(R) allows recovery of data stored on the storage device. The token's processor also uses S_(R) to generate a Clear File Key (CFK). The CFK is a non-encrypted, symmetric file key that is used to encrypt and decrypt data stored on the computer's storage device, to allow access to the data by the user.

The CFK is transmitted to the computer's memory and remains there until the computer is powered down. While residing in memory, CFK is used to decrypt data, as the data is transmitted from the storage device to the memory, and to encrypt data, as the data is transmitted from memory to the storage device. Thus, the CFK, along with the data encryption/decryption program running on the computer's processor, filters the flow of data between the storage device and the computer's memory to prevent access to data on the storage device, since the data is in encrypted form.

Next, the token's processor outputs a first dynamic key K_(n), based on the value of a subsequent dynamic puzzle S_(n). The first dynamic key K_(n) can function as a one-time password, since a new dynamic key K_(n) is generated for each dynamic puzzle S_(n). For example, if the user loses or misplaces their token, the subsequent dynamic puzzle S_(n) can be transmitted to an administrator that possesses the copy of the unique string of information. The administrator may reside at a remote location and may be accessed via conventional methods, such as the Internet, a company's intranet, or other known methods. Upon receiving the subsequent dynamic puzzle S_(n), the administrator can generate K_(n), and forward K_(n) to the user.

CFK is fed into the computer's processor along with K_(n). The computer's processor, which may be running an AES data encryption/decryption algorithm, generates a first Encrypted File Key (EKF_(n)), using CFK as the input and K_(n) as the encryption key. EKF_(n) is then stored on the computer's storage device along with S_(n). The encrypted file key (EKF_(n)) hides the true CFK, to prevent access to encrypted data on the storage device.

In use, the invented method is initialized when a user couples their unique token device to the data port and boots up the computer. Upon booting the computer, the invented method first reads the subsequent dynamic puzzle S_(n), then feeds S_(n) into the token for processing. The token's processor again recognizes S_(n) and outputs the first dynamic key K_(n). EKF_(n) is then decrypted, using K_(n), to generate CFK.

Additionally, a next subsequent dynamic puzzle S_(n+1) is generated for the next boot up of the computer and initialization of the method. Each time the invented method is invoked, a new puzzle S_(n+1) is generated so that the puzzle, or seed, is dynamic. The next subsequent dynamic puzzle S_(n+1) is simultaneously transmitted to the token and stored on the computer's storage device and overwrites the previously stored puzzle S_(n).

Upon receiving the next subsequent dynamic puzzle S_(n+1), the token's processor generates a subsequent dynamic key K_(n+1). CFK is then encrypted using the subsequent dynamic key K_(n+1) to generate a new subsequent Encrypted File Key (EKF_(n+1)). EKF_(n+1) is then stored on the storage device. The encrypted file key, EKF_(n+1), is the encrypted form of CFK and hides the true CFK, as previously discussed.

Upon initialization of the invented method, the computer will complete its boot up processes and the user operates the computer in a normal fashion. The user may remove the token from the computer's data port, upon the computer completing its boot up processes, if desired. The invented method has generated and saved the next subsequent dynamic puzzle S_(n+1) and subsequent encrypted file key EKF_(n+1), so the method is ready for the next boot up of the computer and initialization thereof.

When the user has finished using the computer, the computer is powered down and CFK is erased from memory. The user may then remove their unique token device from the data port, if they have not previously done so. If an attempt is made to access data stored on the storage device, the computer will not completely boot up without the token device, and access to the data on the storage device will be prevented, since the data is in encrypted form. Additionally, if a user couples a different token device to the computer's data port, that token device would not output the correct dynamic key K_(n), since that token device has a different unique string of information. A different unique string of information results in an incorrect dynamic key K_(x) being generated and the Encrypted File Key EKF_(n) would not be decrypted.

BRIEF DESCRIPTION OF THE DRAWINGS

The objects and features of the present invention, which are believed to be novel, are set forth with particularity in the appended claims. The present invention, both as to its organization and manner of operation, together with further objects and advantages, may best be understood by reference to the following description, taken in connection with the accompanying drawings, in which:

FIG. 1 is a schematic diagram of a computer system and a token device of a preferred embodiment of the method of the present invention;

FIG. 2 is a flow chart showing an installation procedure of a preferred embodiment of the method of the present invention; and

FIG. 3 is a flow chart showing an operating procedure of the method of the present invention.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

The following description is provided to enable any person skilled in the art to make and use the invention and sets forth the best modes presently contemplated by the inventors of carrying out the invention. Various modifications, however, will remain readily apparent to those skilled in the art, since the generic principles of the present invention have been defined herein.

The present invention provides a method of data encryption and decryption for controlling access to a data storage device such as a hard disk drive or optical drive. The invented method utilizes data encryption and decryption techniques, combined with a token device, to control access to the data storage device. Further, the method utilizes a symmetrical key for decrypting data, as the data is transmitted from the storage device to the memory, and for encrypting data, as the data is transmitted from memory to the storage device.

Referring now to FIG. 1 of the drawings, a preferred embodiment of the method of the present invention is installed in a computer system 10 and stored on a data storage device 12 of the computer system 10. For example, the invented method may be provided in the form of a computer program and uploaded onto the computer system 10 and stored on the storage device 12, as is well known. The data storage device 12 may comprise any suitable known data storage device such as a hard disk drive or optical disk drive. For ease of reference only, the data storage device 12 will be referred to hereinafter as hard drive 12. The computer system 10, hereinafter computer, may comprise a known “stand-alone” computer, such as a personal computer or desktop computer, or may comprise a plurality of networked computers (not shown), for example. The computer 10 includes a processor 14 for processing data, a memory 16 for temporarily storing data, and a data port 18 to allow coupling of external devices to the computer 10. Preferably, the computer's processor 14 is capable of running a 128-bit data encryption/decryption program. Most preferably, the computer's processor 14 is capable of running a 128-bit Advanced Encryption Standard (AES) technology data encryption/decryption program or a similar data encryption/decryption program.

A unique token device, shown schematically at 20, is configured to be detachably coupled to the computer 10 via its data port 18. The token 20 and data port 18 may be configured in any desired mutually compatible form factor which affords coupling and decoupling of the token 20 with the data port 18, and thus to the computer 10. For example, the data port 18 may comprise a known USB (Universal Serial Bus) port or similar data port.

The token 20 preferably includes an on-board processor 22 for processing data, a memory device 24 for storing data, and a coupling portion 26 for coupling the token 20 to the data port 18. The on-board processor 22 is preferably capable of processing 128-bit data. Additionally, the processor 22 is capable of running a data encryption/decryption program, such as an Advanced Encryption Standard (AES) technology data encryption/decryption program.

The token's memory device 24 includes a secure region 24A. The memory device 24 is configured to maintain data in the secure region 24A even when power to the token 20 is removed. Vital user data, such as a password for example, may be stored in the secure region 24A of the memory device 24 to prevent loss of the data.

Additionally, the token 20 is provided with a unique string of information. This unique string of information, in combination with the encryption/decryption program running on the token's processor 22, enables the token 20 to generate data that is unique to that token device. A copy of the unique string of information may be possessed by an administrator (not shown) residing at a remote location. The copy of the unique string of information is provided to enable boot up of the computer 10, if the token 20 is lost or misplaced. The administrator may reside at a remote location and may be accessed via conventional methods, such as the Internet, a company's intranet, or other known methods.

Referring now to FIG. 2 of the drawings, there is shown generally at 100, an installation procedure of a preferred embodiment of the invented method. The installation procedure 100 begins at start block 102. The installation procedure 100 of the preferred embodiment of the invented method is initialized in process block 104 where a user couples their token 20 to the computer's data port 18 and begins uploading the invented method on to the computer 10. For example, prior to installation the invented method may be stored on a known portable data storage device such as a compact disk or floppy disk, shown schematically at 26. The disk 26 is inserted in a disk drive 28 of the computer 10. The disk drive 28 reads the data, comprising the invented method, stored on the disk 26 and begins transmitting the data to the computer 10, as is well known.

In process block 106, the method generates a first dynamic seed or puzzle S_(R). The first puzzle S_(R) is simultaneously stored in the secure region 24A of the token's memory 24 and on the computer's hard drive 12 in process block 108. The first puzzle S_(R) functions as a rescue puzzle to allow recovery of data stored on the computer's hard drive 12 (more thoroughly discussed hereinafter). The dynamic puzzle S_(R) may be a randomly generated 16-byte number that may be generated by any one of several well known methods.

The invented method continues in process block 110 where, when the first puzzle S_(R) is stored in the token's memory 24A, the puzzle S_(R) is also fed into the token's processor 22. Using a data encryption/decryption program, such as an AES encryption program, running on its processor 22, the token 20 generates and outputs a Clear File Key (CFK) in process block 112. The Clear File Key (CFK) is based on the first puzzle S_(R) received by the processor 22. The CFK is a non-encrypted, symmetric file key that is used to encrypt and decrypt data stored on the computer's hard drive 12, to allow access to the data by the user. In process block 114 CFK is transmitted to the computer's memory 16 and remains there until the computer 10 is powered down.

A subsequent dynamic puzzle S_(n) is then generated in process block 116 by the installation procedure 100 of the invented method. In process block 118, the subsequent dynamic puzzle S_(n) is simultaneously fed into the token's memory 24 and stored on the hard drive 12. In process block 120 the token's processor 22 recognizes the subsequent dynamic puzzle S_(n) as a challenge. Using the AES program and the token's unique string of information, the processor 22 outputs a first dynamic key K_(n), based on the value of the subsequent dynamic puzzle S_(n).

The first dynamic key K_(n) can function as a one-time password, since a new dynamic key K_(n) is generated for each subsequent dynamic puzzle S_(n). For example, if the user loses or misplaces their token, the subsequent dynamic puzzle S_(n) can be transmitted to the administrator possessing the copy of the unique string of information. Upon receiving the subsequent dynamic puzzle S_(n), the administrator can generate K_(n), and forward K_(n) to the user. The first dynamic key K_(n) is then transmitted to the computer's memory 16 in process block 122.

In process block 124, CFK is fed into the computer's processor 14 along with K_(n). The computer's processor 14, running an AES data encryption/decryption algorithm, generates a first Encrypted File Key (EKF_(n)), using CFK as the input and K_(n) as the encryption key, in process block 126. EKF_(n) is then stored on the hard drive 12 in process block 128. The encrypted file key (EKF_(n)) hides the true CFK, to prevent access to data on the hard drive 12. The data encryption/decryption program running on the computer's processor 14 then encrypts the data on the hard drive 12 using CFK in process block 130. Thus, the CFK, along with the encryption/decryption program running on the computer's processor 14, filters the flow of data between the hard drive 12 and the computer's memory 16 to prevent access to data on the hard drive 12, since the data is in encrypted form.

Data is encrypted with CFK to prevent access to the stored data. The installation procedure 100 of the invented method terminates in end block 132. Upon completion of installation of the invented method, a user may power down (turn off) the computer 10 or they may manipulate data stored on the hard drive 12 as they normally would. The user may remove the token 20 from the computer's data port 18, upon the computer 10 completing its boot up processes, if desired. If the computer 10 is powered down, the user removes their token 20 from the data port 18 to prevent unauthorized access to data stored on the hard disk drive 12, if they have not previously removed the token 20.

Referring now to FIG. 3 of the drawings, there is shown generally at 200, an operating procedure of the invented method. The operating procedure 200 begins in start block 202. The operating procedure 200 is initialized when a user couples their unique token device 20 to the data port 18 and starts up, or boots up, the computer 10 in process block 204. Upon booting the computer 10, in process block 206, the operating procedure 200 of the invented method reads the subsequent dynamic puzzle S_(n) that is stored on the hard drive 12 and transmits the dynamic puzzle S_(n) to the token's processor 22 for processing. In process block 208, the token's processor 22 again recognizes the puzzle S_(n) as a challenge, then, using the AES encryption/decryption algorithm and the token's unique string of information, outputs the first dynamic key K_(n). The first dynamic key K_(n) is then transmitted to the computer 10 in process block 210.

In process block 212, EKF_(n) is transmitted into the computer's processor 14 for decryption using K_(n). Using the AES algorithm, the computer's processor 14 uses the first dynamic key K_(n) to decrypt EKF_(n) and generate CFK in process block 214. While the computer 10 is in use, the CFK remains in the computer's memory 16 to allow manipulation of data on the hard drive 12, as shown in process block 216. The CFK is transmitted to the computer's memory 16 and remains there until the computer 10 is powered down. The data encryption/decryption program running on the computer's processor 14 uses the CFK residing in memory 16 to decrypt data, as the data is transmitted from the hard drive 12 to the computer's memory 16, and to encrypt data, as the data is transmitted from memory 16 to the hard drive 12. Thus, the CFK, along with the data encryption/decryption program running on the computer's processor 14, filters the flow of data between the hard drive 12 and the computer's memory 16 to prevent access to data on the hard drive 12, since the data is in encrypted form.

In process block 218, the operating procedure 200 of the invented method automatically generates a next subsequent dynamic puzzle S_(n+1) for the next boot up of the computer 10 and initialization of the operating procedure 200 of the invented method. After installation, each time the invented method is invoked, a new puzzle S_(n+1), S_(n+n), is generated so that the puzzle, or seed, is dynamic and cannot be readily duplicated. Once the new puzzle S_(n+1) is generated, it is simultaneously transmitted to the token 20 and stored on the computer's hard drive 12 in process block 220. The new puzzle S_(n+1) overwrites any puzzle S_(n) previously stored on the hard drive 12.

In process block 222, upon receiving the next subsequent dynamic puzzle S_(n+1), the token's processor 22 again recognizes the puzzle S_(n+1) as a challenge, and uses the value of S_(n+1) to generate a subsequent dynamic key K_(n+1). In process block 224, CFK and the subsequent dynamic key K_(n+1) are fed into the computer's processor 14, which is running the AES algorithm. The AES algorithm processes the two keys and outputs a new subsequent Encrypted File Key (EKF_(n+1)) in process block 226. EKF_(n+1) is stored on the hard drive 12 in process block 228. The encrypted file key, EKF_(n+1), is the encrypted form of CFK and prevents decryption of CFK to prevent access to data stored on the hard drive 12, as previously discussed. The operating procedure 200 of the invented method then terminates in end block 230.

Upon completion of the operating procedure 200 of the invented method, the computer 10 will complete its boot up processes and the user can operate the computer 10 in a normal fashion. The user may then remove their unique token device 20 from the data port 18 if desired. The invented method has generated and saved the next subsequent dynamic puzzle S_(n+1) and subsequent encrypted file key EKF_(n+1), so the method is ready for the next subsequent boot up of the computer 10 and initialization thereof.

When the user has finished using the computer 10, the computer 10 is powered down. EKF_(n+1) and S_(n+1) are stored on the hard drive 12 and CFK is erased from the computer's memory 16. The user removes their unique token device 20 from the computer's data port 18, if they have not previously done so. Data stored on the computer's hard drive 12 is protected from unwanted access since the data is in encrypted form. If an attempt is made to access data stored on the hard drive 12, the computer 10 will not completely boot up without the token 20, and access to the data on the hard drive 12 will be prevented, since the data is encrypted.

Additionally, if a user couples a different token device to the computer's data port, that token device would not output the correct dynamic key K_(n), since that token device has a different unique string of information. A different unique string of information results in an incorrect dynamic key K_(x) being generated and the Encrypted File Key EKF_(n) would not be decrypted.

While the computer 10 is in use, any one of a number of varied circumstances may arise that may cause the computer 10, or its hard drive 12, to fail, commonly referred to as a “crash”. Such a failure may inhibit the user's access to S_(n+1) and EKF_(n+1), due to corruption of data stored on the hard drive 12. However, since the rescue puzzle S_(R) is stored in the secure region 24A of the token's memory 24, and S_(R) directly generates CFK, the user may access recoverable data stored on the hard drive 12.

Upon coupling the token 20 to the computer 10 and rebooting the computer 10, the token 20 outputs CFK, as previously discussed. The user then has access to data stored on the hard drive 12. The invented method is then reinstalled via the previously discussed installation procedure 100.
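The installation procedure 100, the operating procedure 200 and the rescue path above (also outlined in the summary), modelled end to end as an added example that is not part of the patent: installation derives CFK from S_(R) and wraps it as EKF_(n) under the token's K_(n); each boot unwraps CFK with the token's answer to S_(n) and rotates to S_(n+1) and EKF_(n+1); a token with a different unique string is rejected; the administrator regenerates K_(n) from the copy of the unique string; and S_(R) in the secure region recovers CFK after the on-disk puzzle and file key are corrupted. AES is replaced by HMAC-SHA256 and an HMAC-derived XOR keystream so the model runs with the standard library alone, and the key-confirmation value, the `Token` class and every other name are assumptions of this example, not the patent's.

```python
import hashlib
import hmac
import secrets

# Constructed sample record standing in for the user data on hard drive 12.
SAMPLE_DATA = b"personnel record: employee 0001, salary confidential"


def prf(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 stands in for the AES program the patent runs on the token
    and on the computer's processor; it is used as a keyed one-way function."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def keystream_xor(key: bytes, data: bytes, label: bytes) -> bytes:
    """Symmetric cipher stand-in: XOR with an HMAC-derived keystream, one
    32-byte block per counter value. The same call encrypts and decrypts,
    mirroring the symmetric CFK that filters data in both directions."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = prf(key, label + offset.to_bytes(4, "big"))
        chunk = data[offset:offset + 32]
        out += bytes(a ^ b for a, b in zip(chunk, pad))
    return bytes(out)


class Token:
    """Token device 20: a unique string that never leaves the device, plus a
    secure region 24A that keeps S_R across power loss."""

    def __init__(self, unique_string: bytes) -> None:
        self._unique = unique_string
        self.secure_region: dict = {}

    def dynamic_key(self, puzzle: bytes) -> bytes:
        """K_n from the challenge S_n and the unique string (blocks 120 / 208)."""
        return prf(self._unique, b"K" + puzzle)[:16]

    def clear_file_key(self, s_r: bytes) -> bytes:
        """CFK from the rescue puzzle S_R (block 112). Assumption: the unique
        string enters this derivation too; the patent only says S_R does."""
        return prf(self._unique, b"CFK" + s_r)[:16]


def admin_dynamic_key(unique_string_copy: bytes, puzzle: bytes) -> bytes:
    """Lost-token path: the administrator holding the copy of the unique string
    regenerates K_n from the puzzle the user sends (claim 4)."""
    return Token(unique_string_copy).dynamic_key(puzzle)


def rotate(token: Token, disk: dict, cfk: bytes) -> None:
    """Blocks 218-228: new puzzle S_(n+1), token derives K_(n+1), and
    EKF_(n+1) = CFK wrapped under K_(n+1); both overwrite their predecessors."""
    s_next = secrets.token_bytes(16)
    disk["S_n"] = s_next
    disk["EKF_n"] = keystream_xor(token.dynamic_key(s_next), cfk, b"wrap")


def install(token: Token, disk: dict, plaintext: bytes) -> bytes:
    """Installation procedure 100. Returns CFK, which the computer keeps only
    in memory 16 and erases at power-down."""
    s_r = secrets.token_bytes(16)            # block 106: 16-byte rescue puzzle
    token.secure_region["S_R"] = s_r         # block 108: token side ...
    disk["S_R"] = s_r                        # ... and hard drive side
    cfk = token.clear_file_key(s_r)          # block 112
    # Assumption (not in the patent): a key-confirmation value so that a
    # wrong token is detected instead of silently yielding a garbage CFK.
    disk["check"] = prf(cfk, b"check")
    disk["data"] = keystream_xor(cfk, plaintext, b"data")   # block 130
    rotate(token, disk, cfk)                 # blocks 116-128
    return cfk


def unwrap_cfk(k_n: bytes, disk: dict) -> bytes:
    """Blocks 212-214: decrypt EKF_n with K_n; reject a key that does not fit."""
    cfk = keystream_xor(k_n, disk["EKF_n"], b"wrap")
    if not hmac.compare_digest(prf(cfk, b"check"), disk["check"]):
        raise ValueError("dynamic key does not decrypt EKF_n")
    return cfk


def boot(token: Token, disk: dict) -> bytes:
    """Operating procedure 200: challenge the token with S_n, recover CFK,
    then prepare S_(n+1) / EKF_(n+1) for the next boot."""
    cfk = unwrap_cfk(token.dynamic_key(disk["S_n"]), disk)
    rotate(token, disk, cfk)
    return cfk


def recover(token: Token) -> bytes:
    """Rescue path after a crash: S_R in region 24A regenerates CFK even when
    S_n and EKF_n on disk are corrupted; install() is then run again."""
    return token.clear_file_key(token.secure_region["S_R"])


def read_data(cfk: bytes, disk: dict) -> bytes:
    """Data leaving the hard drive for memory is decrypted with CFK."""
    return keystream_xor(cfk, disk["data"], b"data")
```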

Those skilled in the art will appreciate that various adaptations and modifications of the just-described preferred embodiments can be configured without departing from the scope and spirit of the invention. Therefore, it is to be understood that, within the scope of the appended claims, the invention may be practiced other than as specifically described herein.

1. A method for controlling access to data stored on a storage device in a computer system, the method comprising the following steps: (a) coupling a token device to the computer system; (b) activating the computer system; (c) reading a puzzle stored on the storage device; (d) transmitting the puzzle to the token device, the token device generating a dynamic key responsive to receipt of the puzzle; (e) transmitting the dynamic key to a processor of the computer system; (f) reading an encrypted file key stored on the storage device and transmitting the encrypted file key to the processor; (g) decrypting the encrypted file key using the dynamic key to generate a clear file key; (h) storing the clear file key in memory; (i) generating a subsequent puzzle and storing the subsequent puzzle on the storage device; (j) transmitting the subsequent puzzle to the token device, the token device generating a subsequent dynamic key responsive to receipt of the subsequent puzzle; (k) transmitting the subsequent dynamic key to the processor of the computer system and transmitting the clear file key to the processor of the computer system; and (l) encrypting the clear file key with the subsequent dynamic key to generate a subsequent encrypted file key and storing the subsequent encrypted file key on the storage device.
 2. The method of 1 wherein a subsequent puzzle and a subsequent dynamic key are generated each subsequent activation of the computer system to generate a subsequent encrypted file key for preventing decryption of the clear file key to prevent access to data stored on the storage device.
 3. The method of 1 wherein a unique string of information is stored on the token device and a copy of the unique string of information resides with an administrator, the unique string of information residing with the administrator enabling generation of the dynamic key.
 4. The method of 3 wherein if the token device cannot be located, then the method comprising the following steps: transmitting the puzzle to the administrator, the administrator selecting a unique string of information corresponding to the puzzle; generating the dynamic key; and transmitting the dynamic key to the computer system.
 5. A method for installing a method of controlling access to data stored on a storage device in a computer system, the installation method comprising the following steps: (a) coupling a token device to the computer system; (b) activating the computer system; (c) generating a rescue puzzle and storing the rescue puzzle in a memory of the token device; (d) generating a clear file key responsive to generation of the rescue puzzle; (e) transmitting the clear file key to the computer system and storing the clear file key in a memory of the computer system; (f) encrypting data stored on the storage device with the clear file key; (g) generating a first puzzle and storing the first puzzle on the storage device; (h) transmitting the first puzzle to the token device, the token device generating a first dynamic key responsive to receipt of the first puzzle; (i) transmitting the clear file key and the first dynamic key to the processor of the computer system; (j) encrypting the clear file key with the first dynamic key to generate a first encrypted file key; and (k) storing the first encrypted file key on the storage device.
 6. The method of claim 5 wherein if data stored on the storage device becomes inaccessible then providing a method of regaining access to data stored on the storage device comprising the following steps: (1) if the computer system is activated, first deactivating the computer system, then coupling the token device to the computer system, and if the computer system is deactivated, then coupling the token device to the computer system; (2) activating the computer system; (3) generating the rescue puzzle and storing the rescue puzzle in the memory of the token device; (4) generating the clear file key responsive to generation of the rescue puzzle; (5) transmitting the clear file key to the computer system and storing the clear file key in computer system's memory; and (6) repeating step (f) through step (k) of claim 3 to regain access to data stored on the storage device and to reinstall the method of controlling access to data stored on a storage device in a computer system.
 7. The method of 5 wherein the rescue puzzle is stored in a portion of the memory of the token device configured to maintain data when power is not supplied to the token device.
 8. A method for installing a method of controlling access to data stored on a storage device in a computer system, the installation method comprising the following steps: (a) coupling a token device to the computer system, the token device including a processor and a memory, the processor running a data encryption/decryption program; (b) activating the computer system; (c) generating a rescue puzzle and storing the rescue puzzle in the memory of the token device; (d) generating a clear file key with the token device's processor responsive to the token device receiving the rescue puzzle; (e) transmitting the clear file key to the computer system and storing the clear file key in a memory of the computer system; (f) encrypting data stored on the storage device with the clear file key, the clear file key encrypting and decrypting data on the storage device to control access to the data; (g) generating a first puzzle; (h) simultaneously transmitting the first puzzle to the token device and storing the first puzzle on the storage device, the token device's processor generating a first dynamic key responsive to receipt of the first puzzle; (i) transmitting the clear file key and the first dynamic key to a processor of the computer system; and (j) encrypting the clear file key with the first dynamic key to generate a first encrypted file key; and (k) storing the first encrypted file key on the storage device, the first encrypted file key preventing decryption of the clear file key to prevent access to data encrypted and decrypted by the clear file key.
 9. The method of 8 wherein the rescue puzzle is stored in a portion of the memory of the token device configured to maintain data when power is not supplied to the token device.
10. A method for controlling access to data stored on a storage device in a computer system, the method comprising the following steps: (a) installing the method on a storage device in the computer system, the installation method comprising the following steps: (1) coupling a token device to the computer system, the token device including a processor and a memory, (2) activating the computer system; (3) generating a rescue puzzle and storing the rescue puzzle in the memory of the token device; (4) generating a clear file key with the token device's processor responsive to the token device receiving the rescue puzzle; (5) transmitting the clear file key to the computer system and storing the clear file key in a memory of the computer system; (6) encrypting data stored on the storage device with the clear file key, the clear file key encrypting and decrypting data on the storage device to control access to the data; (7) generating a first puzzle; (8) simultaneously transmitting the first puzzle to the token device and storing the first puzzle on the storage device, the token device's processor generating a first dynamic key responsive to receipt of the first puzzle; (9) transmitting the clear file key and the first dynamic key to a processor of the computer system; (10) encrypting the clear file key with the first dynamic key to generate a first encrypted file key; (11) storing the first encrypted file key on the storage device, the first encrypted file key preventing decryption of the clear file key to prevent access to data encrypted and decrypted by the clear file key; and (12) allowing the computer system to complete a boot up process, whereby upon the computer system completing the boot up process access to data stored on the storage device is allowed and whereby when access to data stored on the storage device is no longer desired, the computer system is deactivated and the token device is removed from the computer system; and (b) controlling access to data stored on a storage device in a computer system comprising the following steps: (13) coupling the token device to the computer system; (14) activating the computer system; (15) reading the first puzzle stored on the storage device; (16) transmitting the first puzzle to the token device, the token device's processor generating the first dynamic key responsive to receipt of the first puzzle; (17) transmitting the first dynamic key to the computer system's processor; (18) reading the first encrypted file key stored on the storage device and transmitting the first encrypted file key to the computer system's processor; (19) decrypting the first encrypted file key using the first dynamic key to generate the clear file key; (20) storing the clear file key in the computer system's memory, the clear file key encrypting and decrypting data stored on the storage device to control access to the data while the computer system is activated; (21) generating a subsequent puzzle and storing the subsequent puzzle on the storage device; (22) transmitting the subsequent puzzle to the token device, the token device generating a subsequent dynamic key responsive to receipt of the subsequent puzzle; (23) transmitting the clear file key and the subsequent dynamic key to the computer system's processor; (24) encrypting the clear file key with the subsequent dynamic key to generate a subsequent encrypted file key; and (25) storing the subsequent encrypted file key on the storage device, whereby storing the subsequent encrypted file key and storing the subsequent puzzle initialize the method for a subsequent activation of the computer.
11. The method of claim 10 wherein if data stored on the storage device becomes inaccessible then providing a method of regaining access to data stored on the storage device comprising the following steps: (a) if the computer system is activated, first deactivating the computer system, then coupling the token device to the computer system, and if the computer system is deactivated, then coupling the token device to the computer system; (b) activating the computer system; (c) generating the rescue puzzle and storing the rescue puzzle in the memory of the token device; (d) generating the clear file key responsive to generation of the rescue puzzle; (e) transmitting the clear file key to the computer system and storing the clear file key in the computer system's memory; and (f) repeating step (10) through step (12) of claim 8 to regain access to data stored on the storage device and to reinstall the method of controlling access to data stored on a storage device in a computer system.
12. The method of claim 11 wherein the rescue puzzle is stored in a portion of the memory of the token device configured to maintain data when power is not supplied to the token device.
13. The method of claim 10 wherein a subsequent puzzle and a subsequent dynamic key are generated on each subsequent activation of the computer system to generate a subsequent encrypted file key for preventing decryption of the clear file key to prevent access to data stored on the storage device.
14. The method of claim 10 wherein a unique string of information is stored on the token device and a copy of the unique string of information resides with an administrator, the unique string of information residing with the administrator enabling generation of the dynamic key.
15. The method of claim 14 wherein if the token device cannot be located, then the method comprising the following steps: transmitting the puzzle to the administrator, the administrator selecting a unique string of information corresponding to the puzzle; generating the dynamic key; and transmitting the dynamic key to the computer system.
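The install, boot-time key rotation, rescue and administrator-recovery steps of claims 10, 11, 14 and 15, as an added Python simulation that is not part of the patent. The token's key derivation (HMAC-SHA256 keyed with the unique string of information) and the one-time XOR used to wrap the clear file key are assumptions standing in for algorithms the claims do not specify; the Token and Disk classes are constructed stand-ins for the token device and storage device.

```python
import hmac, hashlib, secrets
from dataclasses import dataclass, field
KEY_LEN = 32  # constructed size for puzzles, dynamic keys and the clear file key

@dataclass
class Token:
    """Stand-in for the token device: a unique string plus non-volatile memory."""
    unique_string: bytes
    nonvolatile: dict = field(default_factory=dict)  # keeps the rescue puzzle across power loss
    def derive(self, puzzle: bytes) -> bytes:
        # Assumed KDF: dynamic key (or clear file key) = HMAC-SHA256(unique string, puzzle).
        return hmac.new(self.unique_string, puzzle, hashlib.sha256).digest()

@dataclass
class Disk:
    """Stand-in for the storage device: the persisted puzzle and encrypted file key."""
    puzzle: bytes = b""
    encrypted_file_key: bytes = b""

def xor_wrap(file_key: bytes, dynamic_key: bytes) -> bytes:
    """Encrypt or decrypt the clear file key with a dynamic key (one-time XOR, equal lengths)."""
    return bytes(a ^ b for a, b in zip(file_key, dynamic_key))

def rotate(token: Token, disk: Disk, clear_file_key: bytes) -> None:
    # Steps (7)-(11) and (21)-(25): fresh puzzle, fresh dynamic key, re-wrapped file key on disk.
    disk.puzzle = secrets.token_bytes(KEY_LEN)
    disk.encrypted_file_key = xor_wrap(clear_file_key, token.derive(disk.puzzle))

def install(token: Token, disk: Disk) -> bytes:
    # Steps (3)-(5): the rescue puzzle stays on the token; the clear file key is derived from it.
    token.nonvolatile["rescue_puzzle"] = secrets.token_bytes(KEY_LEN)
    clear_file_key = token.derive(token.nonvolatile["rescue_puzzle"])
    rotate(token, disk, clear_file_key)
    return clear_file_key  # held only in the computer's memory while it is powered on

def boot(token: Token, disk: Disk) -> bytes:
    # Steps (15)-(20): unwrap with the dynamic key for the stored puzzle, then rotate for next boot.
    clear_file_key = xor_wrap(disk.encrypted_file_key, token.derive(disk.puzzle))
    rotate(token, disk, clear_file_key)
    return clear_file_key

def rescue(token: Token, disk: Disk) -> bytes:
    # Claim 11: regenerate the clear file key from the rescue puzzle, then re-wrap it as in (7)-(12).
    clear_file_key = token.derive(token.nonvolatile["rescue_puzzle"])
    rotate(token, disk, clear_file_key)
    return clear_file_key

def admin_dynamic_key(admin_copy: bytes, puzzle: bytes) -> bytes:
    # Claims 14-15: the administrator's copy of the unique string yields the same dynamic key.
    return Token(admin_copy).derive(puzzle)
```

A token with a different unique string derives a different dynamic key, so unwrapping the stored encrypted file key with it yields garbage rather than the clear file key, which is the access-control property the claims rely on.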